io-event 1.14.5 → 1.16.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6141a80c8923fb24a4073f61f45a2e2f8065e4f2b415108caa39229efe37d0b
-  data.tar.gz: 298a552f835530283020945d5005912263d0dc3042271fbc5eeb84d3f00b8bda
+  metadata.gz: 8cc6abcf010ce881e4623a5736241660d1ebf6a84883767d761616ddcb23bf4e
+  data.tar.gz: 4a438756e87e8feaefaafb40014f36c2b240fbbd837d4581c657eb310cb9b95a
 SHA512:
-  metadata.gz: 64566ccf2e42e38dde477984ae4c511d2c673b1869e266f49ecda467ddcccef28167a345dcca11126e05e0345ebe58b550981e1c135ca982a8ad7b56d5748418
-  data.tar.gz: c56c85168138319c4c527843484bfbbd7a3b685e72bf546aa32e6c01d6476ccc32e3f073aa1062d8699e916eba1d78de7fe263caff00db376c522c220ddc1aa1
+  metadata.gz: b910e009ff697f179290d916e5914621d25a5478e0f09ac806563a0c3808b30fc28ca652042608e60625830468f37088943559c590112dfadb0d3a48d3b54688
+  data.tar.gz: c7501e4ef87e5c9744d666e43494b60b2b3c490d9e9cb55b75a87f7de199e1421b49ba0ce5e176cbaf230d6f3b8f838a5745cff81bac6f826328e7665de7a9e9

data/ext/io/event/array.h

@@ -5,8 +5,6 @@
 
 #include <ruby.h>
 #include <stdlib.h>
-#include <errno.h>
-#include <assert.h>
 
 static const size_t IO_EVENT_ARRAY_MAXIMUM_COUNT = SIZE_MAX / sizeof(void*);
 static const size_t IO_EVENT_ARRAY_DEFAULT_COUNT = 128;
@@ -28,26 +26,18 @@ struct IO_Event_Array {
 	void (*element_free)(void*);
 };
 
-inline static int IO_Event_Array_initialize(struct IO_Event_Array *array, size_t count, size_t element_size)
+// Initialise an empty array.  Raises `NoMemoryError` if Ruby's allocator cannot satisfy the request.
+inline static void IO_Event_Array_initialize(struct IO_Event_Array *array, size_t count, size_t element_size)
 {
 	array->limit = 0;
 	array->element_size = element_size;
 	
 	if (count) {
-		array->base = (void**)calloc(count, sizeof(void*));
-		
-		if (array->base == NULL) {
-			return -1;
-		}
-		
+		array->base = (void**)xcalloc(count, sizeof(void*));
 		array->count = count;
-		
-		return 1;
 	} else {
 		array->base = NULL;
 		array->count = 0;
-		
-		return 0;
 	}
 }
 
@@ -72,24 +62,24 @@ inline static void IO_Event_Array_free(struct IO_Event_Array *array)
 			if (element) {
 				array->element_free(element);
 				
-				free(element);
+				xfree(element);
 			}
 		}
 		
-		free(base);
+		xfree(base);
 	}
 }
 
-inline static int IO_Event_Array_resize(struct IO_Event_Array *array, size_t count)
+// Grow the array so it can hold at least `count` slots.  Raises `RangeError` if `count` exceeds the per-array maximum, or `NoMemoryError` if Ruby's allocator cannot satisfy the request.  On success the array's existing contents are preserved and any newly added slots are zero-initialised.
+inline static void IO_Event_Array_resize(struct IO_Event_Array *array, size_t count)
 {
 	if (count <= array->count) {
 		// Already big enough:
-		return 0;
+		return;
 	}
 	
 	if (count > IO_EVENT_ARRAY_MAXIMUM_COUNT) {
-		errno = ENOMEM;
-		return -1;
+		rb_raise(rb_eRangeError, "Array size exceeds maximum count!");
 	}
 	
 	size_t new_count = array->count;
@@ -107,31 +97,24 @@ inline static int IO_Event_Array_resize(struct IO_Event_Array *array, size_t cou
 		new_count *= 2;
 	}
 	
-	void **new_base = (void**)realloc(array->base, new_count * sizeof(void*));
-	
-	if (new_base == NULL) {
-		return -1;
-	}
+	// `xrealloc2` checks `new_count * sizeof(void*)` for overflow and raises `NoMemoryError` on allocation failure, so no NULL check is required.
+	void **new_base = (void**)xrealloc2(array->base, new_count, sizeof(void*));
 	
 	// Zero out the new memory:
 	memset(new_base + array->count, 0, (new_count - array->count) * sizeof(void*));
 	
 	array->base = (void**)new_base;
 	array->count = new_count;
-	
-	// Resizing sucessful:
-	return 1;
 }
 
+// Look up the element at the given index, allocating it lazily on first access.  Raises if the array cannot be grown or the element cannot be allocated.
 inline static void* IO_Event_Array_lookup(struct IO_Event_Array *array, size_t index)
 {
 	size_t count = index + 1;
 	
-	// Resize the array if necessary:
+	// Resize the array if necessary (may raise):
 	if (count > array->count) {
-		if (IO_Event_Array_resize(array, count) == -1) {
-			return NULL;
-		}
+		IO_Event_Array_resize(array, count);
 	}
 	
 	// Get the element:
@@ -139,8 +122,8 @@ inline static void* IO_Event_Array_lookup(struct IO_Event_Array *array, size_t i
 	
 	// Allocate the element if it doesn't exist:
 	if (*element == NULL) {
-		*element = malloc(array->element_size);
-		assert(*element);
+		// Ruby's allocator triggers GC on memory pressure and raises `NoMemoryError` on failure, so no NULL check is required.
+		*element = xmalloc(array->element_size);
 		
 		if (array->element_initialize) {
 			array->element_initialize(*element);
@@ -166,7 +149,7 @@ inline static void IO_Event_Array_truncate(struct IO_Event_Array *array, size_t
 			void **element = array->base + i;
 			if (*element) {
 				array->element_free(*element);
-				free(*element);
+				xfree(*element);
 				*element = NULL;
 			}
 		}

data/ext/io/event/selector/epoll.c

@@ -175,13 +175,8 @@ static const rb_data_type_t IO_Event_Selector_EPoll_Type = {
 inline static
 struct IO_Event_Selector_EPoll_Descriptor * IO_Event_Selector_EPoll_Descriptor_lookup(struct IO_Event_Selector_EPoll *selector, int descriptor)
 {
-	struct IO_Event_Selector_EPoll_Descriptor *epoll_descriptor = IO_Event_Array_lookup(&selector->descriptors, descriptor);
-	
-	if (!epoll_descriptor) {
-		rb_sys_fail("IO_Event_Selector_EPoll_Descriptor_lookup:IO_Event_Array_lookup");
-	}
-	
-	return epoll_descriptor;
+	// `IO_Event_Array_lookup` raises on allocation failure, so the returned pointer is always non-NULL.
+	return IO_Event_Array_lookup(&selector->descriptors, descriptor);
 }
 
 static inline
@@ -324,10 +319,7 @@ VALUE IO_Event_Selector_EPoll_allocate(VALUE self) {
 	
 	selector->descriptors.element_initialize = IO_Event_Selector_EPoll_Descriptor_initialize;
 	selector->descriptors.element_free = IO_Event_Selector_EPoll_Descriptor_free;
-	int result = IO_Event_Array_initialize(&selector->descriptors, IO_EVENT_ARRAY_DEFAULT_COUNT, sizeof(struct IO_Event_Selector_EPoll_Descriptor));
-	if (result < 0) {
-		rb_sys_fail("IO_Event_Selector_EPoll_allocate:IO_Event_Array_initialize");
-	}
+	IO_Event_Array_initialize(&selector->descriptors, IO_EVENT_ARRAY_DEFAULT_COUNT, sizeof(struct IO_Event_Selector_EPoll_Descriptor));
 	
 	return instance;
 }
@@ -615,6 +607,11 @@ VALUE io_read_loop(VALUE _arguments) {
 	size_t offset = arguments->offset;
 	size_t total = 0;
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		ssize_t result = read(arguments->descriptor, (char*)base+offset, maximum_size);
@@ -713,6 +710,11 @@ VALUE io_write_loop(VALUE _arguments) {
 		rb_raise(rb_eRuntimeError, "Length exceeds size of buffer!");
 	}
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		ssize_t result = write(arguments->descriptor, (char*)base+offset, maximum_size);

data/ext/io/event/selector/kqueue.c

@@ -174,13 +174,8 @@ static const rb_data_type_t IO_Event_Selector_KQueue_Type = {
 inline static
 struct IO_Event_Selector_KQueue_Descriptor * IO_Event_Selector_KQueue_Descriptor_lookup(struct IO_Event_Selector_KQueue *selector, uintptr_t descriptor)
 {
-	struct IO_Event_Selector_KQueue_Descriptor *kqueue_descriptor = IO_Event_Array_lookup(&selector->descriptors, descriptor);
-	
-	if (!kqueue_descriptor) {
-		rb_sys_fail("IO_Event_Selector_KQueue_Descriptor_lookup:IO_Event_Array_lookup");
-	}
-	
-	return kqueue_descriptor;
+	// `IO_Event_Array_lookup` raises on allocation failure, so the returned pointer is always non-NULL.
+	return IO_Event_Array_lookup(&selector->descriptors, descriptor);
 }
 
 inline static
@@ -299,10 +294,7 @@ VALUE IO_Event_Selector_KQueue_allocate(VALUE self) {
 	selector->descriptors.element_initialize = IO_Event_Selector_KQueue_Descriptor_initialize;
 	selector->descriptors.element_free = IO_Event_Selector_KQueue_Descriptor_free;
 	
-	int result = IO_Event_Array_initialize(&selector->descriptors, IO_EVENT_ARRAY_DEFAULT_COUNT, sizeof(struct IO_Event_Selector_KQueue_Descriptor));
-	if (result < 0) {
-		rb_sys_fail("IO_Event_Selector_KQueue_allocate:IO_Event_Array_initialize");
-	}
+	IO_Event_Array_initialize(&selector->descriptors, IO_EVENT_ARRAY_DEFAULT_COUNT, sizeof(struct IO_Event_Selector_KQueue_Descriptor));
 	
 	return instance;
 }
@@ -605,6 +597,11 @@ VALUE io_read_loop(VALUE _arguments) {
 	
 	if (DEBUG_IO_READ) fprintf(stderr, "io_read_loop(fd=%d, length=%zu)\n", arguments->descriptor, length);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		if (DEBUG_IO_READ) fprintf(stderr, "read(%d, +%ld, %ld)\n", arguments->descriptor, offset, maximum_size);
@@ -713,6 +710,11 @@ VALUE io_write_loop(VALUE _arguments) {
 	
 	if (DEBUG_IO_WRITE) fprintf(stderr, "io_write_loop(fd=%d, length=%zu)\n", arguments->descriptor, length);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		if (DEBUG_IO_WRITE) fprintf(stderr, "write(%d, +%ld, %ld, length=%zu)\n", arguments->descriptor, offset, maximum_size, length);

data/ext/io/event/selector/selector.c

@@ -106,8 +106,19 @@ VALUE IO_Event_Selector_loop_resume(struct IO_Event_Selector *backend, VALUE fib
 
 VALUE IO_Event_Selector_loop_yield(struct IO_Event_Selector *backend)
 {
-	// TODO Why is this assertion failing in async?
-	// RUBY_ASSERT(backend->loop != IO_Event_Fiber_current());
+	// Under normal operation, a user fiber yields back to the event loop fiber.
+	// However, in some cases (e.g. blocking IO called from within the scheduler
+	// fiber itself), the current fiber may already be the loop fiber. In that case,
+	// transferring to ourselves would be a no-op in Ruby, but it signals a misuse:
+	// the event loop fiber should never need to yield to itself, as nothing else
+	// would be running to resume it. We return immediately rather than self-transferring.
+	if (backend->loop == IO_Event_Fiber_current()) {
+		// Uncomment to investigate the callsite that triggers this condition:
+		// rb_warning("IO_Event_Selector_loop_yield: current fiber is the loop fiber");
+		// rb_funcall(rb_mKernel, rb_intern("puts"), 1, rb_funcall(rb_cThread, rb_intern("current"), 0));
+		return Qnil;
+	}
+
 	return IO_Event_Fiber_transfer(backend->loop, 0, NULL);
 }
 
@@ -235,8 +246,8 @@ VALUE IO_Event_Selector_raise(struct IO_Event_Selector *backend, int argc, VALUE
 
 void IO_Event_Selector_ready_push(struct IO_Event_Selector *backend, VALUE fiber)
 {
-	struct IO_Event_Selector_Queue *waiting = malloc(sizeof(struct IO_Event_Selector_Queue));
-	assert(waiting);
+	// Ruby's allocator triggers GC on memory pressure and raises `NoMemoryError` on failure, so no NULL check is required.
+	struct IO_Event_Selector_Queue *waiting = xmalloc(sizeof(struct IO_Event_Selector_Queue));
 	
 	waiting->head = NULL;
 	waiting->tail = NULL;
@@ -257,7 +268,7 @@ void IO_Event_Selector_ready_pop(struct IO_Event_Selector *backend, struct IO_Ev
 	if (ready->flags & IO_EVENT_SELECTOR_QUEUE_INTERNAL) {
 		// This means that the fiber was added to the ready queue by the selector itself, and we need to transfer control to it, but before we do that, we need to remove it from the queue, as there is no expectation that returning from `transfer` will remove it.
 		queue_pop(backend, ready);
-		free(ready);
+		xfree(ready);
 	} else if (ready->flags & IO_EVENT_SELECTOR_QUEUE_FIBER) {
 		// This means the fiber added itself to the ready queue, and we need to transfer control back to it. Transferring control back to the fiber will call `queue_pop` and remove it from the queue.
 	} else {

data/ext/io/event/selector/uring.c

@@ -8,9 +8,12 @@
 
 #include <liburing.h>
 #include <poll.h>
+#include <stdbool.h>
 #include <stdint.h>
 #include <time.h>
 
+#include "../interrupt.h"
+
 #include "pidfd.c"
 
 #include <linux/version.h>
@@ -29,13 +32,24 @@ struct IO_Event_Selector_URing
 {
 	struct IO_Event_Selector backend;
 	struct io_uring ring;
-	size_t pending;
 	
 	// Flag indicating whether the selector is currently blocked in a system call.
 	// Set to 1 when blocked in io_uring_wait_cqe_timeout() without GVL, 0 otherwise.
-	// Used by wakeup() to determine if an interrupt signal is needed.
 	int blocked;
 	
+	// Interrupt used to wake the selector from another thread without touching the ring's SQ.
+	// This allows IORING_SETUP_SINGLE_ISSUER: only the owner thread ever submits SQEs.
+	// Uses eventfd on Linux, pipe fallback elsewhere.
+	struct IO_Event_Interrupt interrupt;
+	
+	// Whether an async read on interrupt is currently pending in the ring.
+	// The read is re-submitted before each blocking wait when not registered.
+	int wakeup_registered;
+	
+	// Buffer for the pending async read on the interrupt descriptor.
+	// Must remain valid for the lifetime of the in-flight SQE.
+	uint64_t wakeup_value;
+	
 	struct timespec idle_duration;
 	
 	struct IO_Event_Array completions;
@@ -101,6 +115,12 @@ void IO_Event_Selector_URing_Type_compact(void *_selector)
 static
 void close_internal(struct IO_Event_Selector_URing *selector)
 {
+	if (selector->interrupt.descriptor >= 0) {
+		IO_Event_Interrupt_close(&selector->interrupt);
+		selector->interrupt.descriptor = -1;
+		selector->wakeup_registered = 0;
+	}
+	
 	if (selector->ring.ring_fd >= 0) {
 		io_uring_queue_exit(&selector->ring);
 		selector->ring.ring_fd = -1;
@@ -218,17 +238,15 @@ VALUE IO_Event_Selector_URing_allocate(VALUE self) {
 	IO_Event_Selector_initialize(&selector->backend, self, Qnil);
 	selector->ring.ring_fd = -1;
 	
-	selector->pending = 0;
 	selector->blocked = 0;
+	selector->interrupt.descriptor = -1;
+	selector->wakeup_registered = 0;
 	
 	IO_Event_List_initialize(&selector->free_list);
 	
 	selector->completions.element_initialize = IO_Event_Selector_URing_Completion_initialize;
 	selector->completions.element_free = IO_Event_Selector_URing_Completion_free;
-	int result = IO_Event_Array_initialize(&selector->completions, IO_EVENT_ARRAY_DEFAULT_COUNT, sizeof(struct IO_Event_Selector_URing_Completion));
-	if (result < 0) {
-		rb_sys_fail("IO_Event_Selector_URing_allocate:IO_Event_Array_initialize");
-	}
+	IO_Event_Array_initialize(&selector->completions, IO_EVENT_ARRAY_DEFAULT_COUNT, sizeof(struct IO_Event_Selector_URing_Completion));
 	
 	return instance;
 }
@@ -240,7 +258,42 @@ VALUE IO_Event_Selector_URing_initialize(VALUE self, VALUE loop) {
 	TypedData_Get_Struct(self, struct IO_Event_Selector_URing, &IO_Event_Selector_URing_Type, selector);
 	
 	IO_Event_Selector_initialize(&selector->backend, self, loop);
-	int result = io_uring_queue_init(URING_ENTRIES, &selector->ring, 0);
+	
+	unsigned int flags = 0;
+	// IORING_SETUP_SINGLE_ISSUER (kernel 6.0+): only the owner thread submits SQEs.
+	// Safe here because wakeup() uses eventfd (no ring access from other threads).
+#ifdef IORING_SETUP_SINGLE_ISSUER
+	flags |= IORING_SETUP_SINGLE_ISSUER;
+#endif
+	// IORING_SETUP_DEFER_TASKRUN (kernel 6.1+, requires SINGLE_ISSUER): defer io_uring
+	// task work to the application thread rather than a kernel thread, reducing
+	// cross-CPU signaling overhead.
+#ifdef IORING_SETUP_DEFER_TASKRUN
+	flags |= IORING_SETUP_DEFER_TASKRUN;
+#endif
+	// IORING_SETUP_TASKRUN_FLAG (kernel 5.19+, always available alongside
+	// DEFER_TASKRUN): the kernel surfaces IORING_SQ_TASKRUN in sq.flags whenever
+	// task work is pending, so select() can skip the io_uring_get_events()
+	// syscall when there is nothing deferred to flush.
+#ifdef IORING_SETUP_TASKRUN_FLAG
+	flags |= IORING_SETUP_TASKRUN_FLAG;
+#endif
+	// IORING_SETUP_SUBMIT_ALL (kernel 5.18+): keep processing the rest of the SQE
+	// batch even when one fails, reducing the frequency of short submits.
+#ifdef IORING_SETUP_SUBMIT_ALL
+	flags |= IORING_SETUP_SUBMIT_ALL;
+#endif
+	
+	int result = io_uring_queue_init(URING_ENTRIES, &selector->ring, flags);
+	
+#ifdef IORING_SETUP_SUBMIT_ALL
+	if (result == -EINVAL) {
+		// IORING_SETUP_SUBMIT_ALL was added in Linux 5.18; retry without it.
+		if (DEBUG) fprintf(stderr, "IO_Event_Selector_URing_initialize: no IORING_SETUP_SUBMIT_ALL\n");
+		flags &= ~IORING_SETUP_SUBMIT_ALL;
+		result = io_uring_queue_init(URING_ENTRIES, &selector->ring, flags);
+	}
+#endif
 	
 	if (result < 0) {
 		rb_syserr_fail(-result, "IO_Event_Selector_URing_initialize:io_uring_queue_init");
@@ -248,6 +301,16 @@ VALUE IO_Event_Selector_URing_initialize(VALUE self, VALUE loop) {
 	
 	rb_update_max_fd(selector->ring.ring_fd);
 	
+	// Interrupt for cross-thread wakeup: another thread calls signal(); the owner
+	// thread submits an async read before each blocking wait so the ring wakes up
+	// without the waking thread ever touching the SQ.
+	IO_Event_Interrupt_open(&selector->interrupt);
+	if (selector->interrupt.descriptor < 0) {
+		io_uring_queue_exit(&selector->ring);
+		selector->ring.ring_fd = -1;
+		rb_sys_fail("IO_Event_Selector_URing_initialize:IO_Event_Interrupt_open");
+	}
+	
 	return self;
 }
 
@@ -353,60 +416,55 @@ void IO_Event_Selector_URing_dump_completion_queue(struct IO_Event_Selector_URin
 	}
 }
 
-// Flush the submission queue if pending operations are present.
+// Flush the submission queue, optionally yielding if unsuccessful.
 static
-int io_uring_submit_flush(struct IO_Event_Selector_URing *selector) {
-	if (selector->pending) {
-		if (DEBUG) fprintf(stderr, "io_uring_submit_flush(pending=%ld)\n", selector->pending);
-		
-		// Try to submit:
+int io_uring_submit_all(struct IO_Event_Selector_URing *selector, bool yield) {
+	struct io_uring *ring = &selector->ring;
+
+	while (io_uring_sq_ready(ring) > 0) {
 		int result = io_uring_submit(&selector->ring);
 		
-		if (result >= 0) {
-			// If it was submitted, reset pending count:
-			selector->pending = 0;
-		} else if (result != -EBUSY && result != -EAGAIN) {
-			rb_syserr_fail(-result, "io_uring_submit_flush:io_uring_submit");
+		if (result == -EBUSY || result == -EAGAIN) {
+			if (yield) IO_Event_Selector_yield(&selector->backend);
+		} else if (result < 0) {
+			rb_syserr_fail(-result, "io_uring_submit_all:io_uring_submit");
+			return result;
 		}
-		
-		return result;
 	}
-	
+
+	if (DEBUG) IO_Event_Selector_URing_dump_completion_queue(selector);
+	return 0;
+}
+
+// Flush the submission queue if pending operations are present.
+static
+int io_uring_submit_flush(struct IO_Event_Selector_URing *selector) {
 	if (DEBUG) {
-		IO_Event_Selector_URing_dump_completion_queue(selector);
+		unsigned pending = io_uring_sq_ready(&selector->ring);
+		fprintf(stderr, "io_uring_submit_flush(pending=%u)\n", pending);
 	}
-	
-	return 0;
+
+	return io_uring_submit_all(selector, false);
 }
 
 // Immediately flush the submission queue, yielding to the event loop if it was not successful.
 static
 int io_uring_submit_now(struct IO_Event_Selector_URing *selector) {
-	if (DEBUG) fprintf(stderr, "io_uring_submit_now(pending=%ld)\n", selector->pending);
-	
-	while (true) {
-		int result = io_uring_submit(&selector->ring);
-		
-		if (result >= 0) {
-			selector->pending = 0;
-			if (DEBUG) IO_Event_Selector_URing_dump_completion_queue(selector);
-			return result;
-		}
-		
-		if (result == -EBUSY || result == -EAGAIN) {
-			IO_Event_Selector_yield(&selector->backend);
-		} else {
-			rb_syserr_fail(-result, "io_uring_submit_now:io_uring_submit");
-		}
+	if (DEBUG) {
+		unsigned pending = io_uring_sq_ready(&selector->ring);
+		fprintf(stderr, "io_uring_submit_now(pending=%u)\n", pending);
 	}
+
+	return io_uring_submit_all(selector, true);
 }
 
 // Submit a pending operation. This does not submit the operation immediately, but instead defers it to the next call to `io_uring_submit_flush` or `io_uring_submit_now`. This is useful for operations that are not urgent, but should be used with care as it can lead to a deadlock if the submission queue is not flushed.
 static
 void io_uring_submit_pending(struct IO_Event_Selector_URing *selector) {
-	selector->pending += 1;
-	
-	if (DEBUG) fprintf(stderr, "io_uring_submit_pending(ring=%p, pending=%ld)\n", &selector->ring, selector->pending);
+	if (DEBUG) {
+		unsigned pending = io_uring_sq_ready(&selector->ring);
+		fprintf(stderr, "io_uring_submit_pending(ring=%p, pending=%u)\n", &selector->ring, pending);
+	}
 }
 
 struct io_uring_sqe * io_get_sqe(struct IO_Event_Selector_URing *selector) {
@@ -418,7 +476,7 @@ struct io_uring_sqe * io_get_sqe(struct IO_Event_Selector_URing *selector) {
 		
 		sqe = io_uring_get_sqe(&selector->ring);
 	}
-	
+
 	return sqe;
 }
 
@@ -710,6 +768,11 @@ VALUE IO_Event_Selector_URing_io_read(VALUE self, VALUE fiber, VALUE io, VALUE b
 	size_t total = 0;
 	off_t from = io_seekable(descriptor);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	
 	// Are we performing a non-blocking read?
@@ -775,6 +838,11 @@ VALUE IO_Event_Selector_URing_io_pread(VALUE self, VALUE fiber, VALUE io, VALUE
 	size_t total = 0;
 	off_t from = NUM2OFFT(_from);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		int result = io_read(selector, fiber, descriptor, (char*)base+offset, maximum_size, from);
@@ -892,6 +960,11 @@ VALUE IO_Event_Selector_URing_io_write(VALUE self, VALUE fiber, VALUE io, VALUE
 		rb_raise(rb_eRuntimeError, "Length exceeds size of buffer!");
 	}
 
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		int result = io_write(selector, fiber, descriptor, (char*)base+offset, maximum_size, from);
@@ -947,6 +1020,11 @@ VALUE IO_Event_Selector_URing_io_pwrite(VALUE self, VALUE fiber, VALUE io, VALUE
 		rb_raise(rb_eRuntimeError, "Length exceeds size of buffer!");
 	}
 
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		int result = io_write(selector, fiber, descriptor, (char*)base+offset, maximum_size, from);
@@ -977,12 +1055,13 @@ VALUE IO_Event_Selector_URing_io_pwrite(VALUE self, VALUE fiber, VALUE io, VALUE
 
 static const int ASYNC_CLOSE = 1;
 
-VALUE IO_Event_Selector_URing_io_close(VALUE self, VALUE io) {
+VALUE IO_Event_Selector_URing_io_close(VALUE self, VALUE _descriptor) {
 	struct IO_Event_Selector_URing *selector = NULL;
 	TypedData_Get_Struct(self, struct IO_Event_Selector_URing, &IO_Event_Selector_URing_Type, selector);
 	
-	int descriptor = IO_Event_Selector_io_descriptor(io);
-
+	// Ruby's fiber scheduler `io_close` hook is invoked with a raw integer file descriptor (Ruby 4.0+); it does not pass the `IO` object.
+	int descriptor = RB_NUM2INT(_descriptor);
+	
 	if (ASYNC_CLOSE) {
 		struct io_uring_sqe *sqe = io_get_sqe(selector);
 		io_uring_prep_close(sqe, descriptor);
@@ -995,8 +1074,8 @@ VALUE IO_Event_Selector_URing_io_close(VALUE self, VALUE io) {
 	} else {
 		close(descriptor);
 	}
-
-	// We don't wait for the result of close since it has no use in pratice:
+	
+	// We don't wait for the result of close since it has no use in practice:
 	return Qtrue;
 }
 
@@ -1051,11 +1130,24 @@ void * select_internal(void *_arguments) {
 
 static
 int select_internal_without_gvl(struct select_arguments *arguments) {
-	io_uring_submit_flush(arguments->selector);
+	struct IO_Event_Selector_URing *selector = arguments->selector;
+	
+	// Submit an async read on the wakeup eventfd before releasing the GVL.
+	// When wakeup() writes to the fd the read completes, consuming the counter
+	// atomically — no separate poll + drain step required.
+	// The address of the interrupt struct serves as a unique sentinel in user_data.
+	if (!selector->wakeup_registered) {
+		struct io_uring_sqe *sqe = io_get_sqe(selector);
+		io_uring_prep_read(sqe, IO_Event_Interrupt_descriptor(&selector->interrupt), &selector->wakeup_value, sizeof(selector->wakeup_value), 0);
+		io_uring_sqe_set_data(sqe, &selector->interrupt);
+		selector->wakeup_registered = 1;
+	}
+	
+	io_uring_submit_flush(selector);
 	
-	arguments->selector->blocked = 1;
+	selector->blocked = 1;
 	rb_thread_call_without_gvl(select_internal, (void *)arguments, RUBY_UBF_IO, 0);
-	arguments->selector->blocked = 0;
+	selector->blocked = 0;
 	
 	if (arguments->result == -ETIME) {
 		arguments->result = 0;
@@ -1094,6 +1186,14 @@ unsigned select_process_completions(struct IO_Event_Selector_URing *selector) {
 			continue;
 		}
 		
+		// Interrupt read completion — the read already consumed the counter.
+		// Clear the flag so the next blocking wait re-submits the read.
+		if (io_uring_cqe_get_data(cqe) == &selector->interrupt) {
+			selector->wakeup_registered = 0;
+			io_uring_cq_advance(ring, 1);
+			continue;
+		}
+		
 		struct IO_Event_Selector_URing_Completion *completion = (void*)cqe->user_data;
 		struct IO_Event_Selector_URing_Waiting *waiting = completion->waiting;
 		
@@ -1136,6 +1236,25 @@ VALUE IO_Event_Selector_URing_select(VALUE self, VALUE duration) {
 	// Flush any pending events:
 	io_uring_submit_flush(selector);
 	
+#ifdef IORING_SETUP_DEFER_TASKRUN
+	// With DEFER_TASKRUN the kernel holds completions as "deferred task work"
+	// rather than placing them directly into the CQ.  We need to flush that work
+	// into the CQ so the non-blocking select_process_completions below can see
+	// it.  With TASKRUN_FLAG enabled the kernel sets IORING_SQ_TASKRUN in
+	// sq.flags whenever task work is pending; a relaxed atomic load is enough
+	// to check, and we only pay for an io_uring_enter syscall (via
+	// io_uring_get_events) when there is actually deferred work to flush.
+	if (selector->ring.flags & IORING_SETUP_DEFER_TASKRUN) {
+#ifdef IORING_SETUP_TASKRUN_FLAG
+		unsigned sq_flags = __atomic_load_n(selector->ring.sq.kflags, __ATOMIC_RELAXED);
+		if (sq_flags & IORING_SQ_TASKRUN)
+#endif
+		{
+			io_uring_get_events(&selector->ring);
+		}
+	}
+#endif
+	
 	int ready = IO_Event_Selector_ready_flush(&selector->backend);
 	
 	int result = select_process_completions(selector);
@@ -1179,25 +1298,10 @@ VALUE IO_Event_Selector_URing_wakeup(VALUE self) {
 	struct IO_Event_Selector_URing *selector = NULL;
 	TypedData_Get_Struct(self, struct IO_Event_Selector_URing, &IO_Event_Selector_URing_Type, selector);
 	
-	// If we are blocking, we can schedule a nop event to wake up the selector:
+	// Wake the selector by signalling the interrupt. This is safe from any thread
+	// and never touches the ring's SQ, which is required for IORING_SETUP_SINGLE_ISSUER.
 	if (selector->blocked) {
-		struct io_uring_sqe *sqe = NULL;
-		
-		while (true) {
-			sqe = io_uring_get_sqe(&selector->ring);
-			if (sqe) break;
-			
-			rb_thread_schedule();
-			
-			// It's possible we became unblocked already, so we can assume the selector has already cycled at least once:
-			if (!selector->blocked) return Qfalse;
-		}
-		
-		io_uring_prep_nop(sqe);
-		// If you don't set this line, the SQE will eventually be recycled and have valid user selector which can cause odd behaviour:
-		io_uring_sqe_set_data(sqe, NULL);
-		io_uring_submit(&selector->ring);
-		
+		IO_Event_Interrupt_signal(&selector->interrupt);
 		return Qtrue;
 	}
 	
@@ -1208,7 +1312,28 @@ VALUE IO_Event_Selector_URing_wakeup(VALUE self) {
 
 static int IO_Event_Selector_URing_supported_p(void) {
 	struct io_uring ring;
-	int result = io_uring_queue_init(32, &ring, 0);
+	
+	unsigned int flags = 0;
+#ifdef IORING_SETUP_SINGLE_ISSUER
+	flags |= IORING_SETUP_SINGLE_ISSUER;
+#endif
+#ifdef IORING_SETUP_DEFER_TASKRUN
+	flags |= IORING_SETUP_DEFER_TASKRUN;
+#endif
+#ifdef IORING_SETUP_TASKRUN_FLAG
+	flags |= IORING_SETUP_TASKRUN_FLAG;
+#endif
+#ifdef IORING_SETUP_SUBMIT_ALL
+	flags |= IORING_SETUP_SUBMIT_ALL;
+#endif
+	int result = io_uring_queue_init(32, &ring, flags);
+	
+#ifdef IORING_SETUP_SUBMIT_ALL
+	if (result == -EINVAL) {
+		flags &= ~IORING_SETUP_SUBMIT_ALL;
+		result = io_uring_queue_init(32, &ring, flags);
+	}
+#endif
 	
 	if (result < 0) {
 		rb_warn("io_uring_queue_init() was available at compile time but failed at run time: %s\n", strerror(-result));

data/ext/io/event/worker_pool.c

@@ -91,11 +91,20 @@ static void worker_pool_mark(void *ptr)
 	struct IO_Event_WorkerPool *pool = (struct IO_Event_WorkerPool *)ptr;
 	struct IO_Event_WorkerPool_Worker *worker = pool->workers;
 	while (worker) {
-		struct IO_Event_WorkerPool_Worker *next = worker->next;
 		// We need to mark the thread even though its marked through the VM's ractors because we call `join`
 		// on them after their completion. They could be freed by then.
-		rb_gc_mark(worker->thread);  // thread objects are currently pinned anyway
-		worker = next;
+		rb_gc_mark_movable(worker->thread);
+		worker = worker->next;
+	}
+}
+
+static void worker_pool_compact(void *ptr)
+{
+	struct IO_Event_WorkerPool *pool = (struct IO_Event_WorkerPool *)ptr;
+	struct IO_Event_WorkerPool_Worker *worker = pool->workers;
+	while (worker) {
+		worker->thread = rb_gc_location(worker->thread);
+		worker = worker->next;
 	}
 }
 
@@ -107,8 +116,8 @@ static size_t worker_pool_size(const void *ptr) {
 // Ruby TypedData structures
 static const rb_data_type_t IO_Event_WorkerPool_type = {
 	"IO::Event::WorkerPool",
-	{worker_pool_mark, worker_pool_free, worker_pool_size,},
-	0, 0, RUBY_TYPED_FREE_IMMEDIATELY
+	{worker_pool_mark, worker_pool_free, worker_pool_size, worker_pool_compact},
+	0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED
 };
 
 // Helper function to enqueue work (must be called with mutex held)

data/lib/io/event/debug/selector.rb

@@ -10,6 +10,17 @@ module IO::Event
 		#
 		# You can enable this in the default selector by setting the `IO_EVENT_DEBUG_SELECTOR` environment variable. In addition, you can log all selector operations to a file by setting the `IO_EVENT_DEBUG_SELECTOR_LOG` environment variable. This is useful for debugging and understanding the behavior of the event loop.
 		class Selector
+			# Forwarders for optional selector hooks that not every backing selector implements (e.g. `io_close` is only provided by `URing`). Each method here is mixed into the wrapper's singleton class only when the wrapped selector actually defines a method of the same name, so feature detection via `respond_to?` continues to reflect the real backend.
+			module Forwarders
+				# Close a file descriptor, forwarded to the underlying selector. Ruby invokes this hook with a raw integer descriptor (Ruby 4.0+).
+				#
+				# @parameter descriptor [Integer] The raw file descriptor being closed.
+				def io_close(descriptor)
+					log("Closing file descriptor #{descriptor}")
+					@selector.io_close(descriptor)
+				end
+			end
+			
 			# Wrap the given selector with debugging.
 			#
 			# @parameter selector [Selector] The selector to wrap.
@@ -40,6 +51,20 @@ module IO::Event
 				end
 				
 				@log = log
+				
+				install_optional_forwarders(selector)
+			end
+			
+			private def install_optional_forwarders(selector)
+				forwarders = nil
+				
+				Forwarders.instance_methods(false).each do |name|
+					next unless selector.class.method_defined?(name)
+					forwarders ||= Module.new
+					forwarders.define_method(name, Forwarders.instance_method(name))
+				end
+				
+				singleton_class.include(forwarders) if forwarders
 			end
 			
 			# The idle duration of the underlying selector.

data/lib/io/event/priority_heap.rb

@@ -10,6 +10,8 @@ class IO
 		# of its contents to determine priority.
 		# See <https://en.wikipedia.org/wiki/Binary_heap> for explanations of the main methods.
 		class PriorityHeap
+			HEAPIFY_INSERT_RATIO = 2
+			
 			# Initializes the heap.
 			def initialize
 				# The heap is represented with an array containing a binary tree. See
@@ -79,18 +81,34 @@ class IO
 				return self
 			end
 			
-			# Add multiple elements to the heap efficiently in O(n) time.
-			# This is more efficient than calling push multiple times (O(n log n)).
+			# Add multiple elements to the heap efficiently.
 			#
 			# @parameter elements [Array] The elements to add to the heap.
 			# @returns [self] Returns self for method chaining.
 			def concat(elements)
 				return self if elements.empty?
 				
-				# Add all elements to the array without maintaining heap property - O(n)
-				@contents.concat(elements)
+				# Rebuilding the whole heap is `O(n + m)`, where `n` is the existing heap size and `m` is the appended batch size. Incremental `push` is `O(m log(n))`, but is often closer to `O(m)` when appended elements are later than the existing entries and do not bubble far. Prefer `heapify` only when building from empty or when the batch dominates the existing heap.
+				if @contents.empty? || elements.size > @contents.size * HEAPIFY_INSERT_RATIO
+					@contents.concat(elements)
+					heapify!
+				else
+					elements.each{|element| push(element)}
+				end
+				
+				return self
+			end
+			
+			# Mutate the heap contents directly, then rebuild the heap property.
+			#
+			# This supports batched operations that can be completed with a single `O(n)` heapify instead of multiple `O(log n)` heap operations.
+			#
+			# @yields {|contents| ...} The heap contents array.
+			# @returns [self] Returns self for method chaining.
+			def heapify
+				yield @contents
 				
-				# Rebuild the heap property for the entire array - O(n)
+				# The block may arbitrarily append, delete or reorder contents, so repair the invariant with one `O(n)` bottom-up heapify pass.
 				heapify!
 				
 				return self

data/lib/io/event/selector/select.rb

@@ -159,7 +159,7 @@ module IO::Event
 			def io_wait(fiber, io, events)
 				waiter = @waiting[io] = Waiter.new(fiber, events, @waiting[io])
 				
-				@loop.transfer
+				@loop.transfer || false
 			ensure
 				waiter&.invalidate
 			end
@@ -188,6 +188,11 @@ module IO::Event
 			# @parameter length [Integer] The minimum number of bytes to read.
 			# @parameter offset [Integer] The offset into the buffer to read to.
 			def io_read(fiber, io, buffer, length, offset = 0)
+				# Ensure offset is within the bounds of the buffer to avoid ArgumentError
+				if offset > buffer.size
+					return -Errno::EINVAL::Errno
+				end
+				
 				total = 0
 				
 				Selector.nonblock(io) do
@@ -218,6 +223,11 @@ module IO::Event
 			# @parameter length [Integer] The minimum number of bytes to write.
 			# @parameter offset [Integer] The offset into the buffer to write from.
 			def io_write(fiber, io, buffer, length, offset = 0)
+				# Ensure offset is within the bounds of the buffer to avoid ArgumentError
+				if offset > buffer.size
+					return -Errno::EINVAL::Errno
+				end
+				
 				total = 0
 				
 				Selector.nonblock(io) do
@@ -284,6 +294,7 @@ module IO::Event
 				
 				@waiting.delete_if do |io, waiter|
 					if io.closed?
+						# When an IO is closed, we silently drop it. Ruby 4's `rb_thread_io_close_interrupt` will take care of interrupting any fibers waiting on the closed IO, so we don't need to do anything here.
 						true
 					else
 						waiter.each do |fiber, events|
@@ -328,7 +339,12 @@ module IO::Event
 				end
 				
 				if error
-					# Requeue the error into the pending exception queue:
+					if error.is_a?(IOError) || error.is_a?(Errno::EBADF)
+						# This can happen if an IO is closed while we're blocked in ::IO.select. Ruby 4's `rb_thread_io_close_interrupt` will take care of interrupting any fibers waiting on the closed IO, so we don't need to do anything here, except try again:
+						return 0
+					end
+					
+					# For all other errors (e.g. thread interrupts), re-queue on the scheduler thread:
 					Thread.current.raise(error)
 					return 0
 				end
@@ -336,15 +352,17 @@ module IO::Event
 				ready = Hash.new(0).compare_by_identity
 				
 				readable&.each do |io|
-					ready[io] |= IO::READABLE
+					# Skip any IO that was closed/reused after IO.select returned - its fd number
+					# may now belong to a different file, so resuming the waiter would be wrong:
+					ready[io] |= IO::READABLE unless io.closed?
 				end
 				
 				writable&.each do |io|
-					ready[io] |= IO::WRITABLE
+					ready[io] |= IO::WRITABLE unless io.closed?
 				end
 				
 				priority&.each do |io|
-					ready[io] |= IO::PRIORITY
+					ready[io] |= IO::PRIORITY unless io.closed?
 				end
 				
 				ready.each do |io, events|

data/lib/io/event/timers.rb

@@ -9,6 +9,8 @@ class IO
 	module Event
 		# An efficient sorted set of timers.
 		class Timers
+			COMPACT_MINIMUM_COUNT = 128
+			
 			# A handle to a scheduled timer.
 			class Handle
 				# Initialize the handle with the given time and block.
@@ -16,6 +18,7 @@ class IO
 				# @parameter time [Float] The time at which the block should be called.
 				# @parameter block [Proc] The block to call.
 				def initialize(time, block)
+					@timers = nil
 					@time = time
 					@block = block
 				end
@@ -26,6 +29,16 @@ class IO
 				# @attribute [Proc | Nil] The block to call when the timer fires.
 				attr :block
 				
+				# Mark the timer as inserted into the heap.
+				def schedule!(timers)
+					@timers = timers
+				end
+				
+				# Mark the timer as removed from the heap.
+				def removed!
+					@timers = nil
+				end
+				
 				# Compare the handle with another handle.
 				#
 				# @parameter other [Handle] The other handle to compare with.
@@ -49,7 +62,14 @@ class IO
 				
 				# Cancel the timer.
 				def cancel!
+					return if @block.nil?
+					
 					@block = nil
+					
+					if timers = @timers
+						@timers = nil
+						timers.cancelled!(self)
+					end
 				end
 				
 				# @returns [Boolean] Whether the timer has been cancelled.
@@ -62,6 +82,7 @@ class IO
 			def initialize
 				@heap = PriorityHeap.new
 				@scheduled = []
+				@cancelled = 0
 			end
 			
 			# @returns [Integer] The number of timers in the heap.
@@ -101,6 +122,8 @@ class IO
 				while handle = @heap.peek
 					if handle.cancelled?
 						@heap.pop
+						handle.removed!
+						@cancelled -= 1 if @cancelled > 0
 					else
 						return handle.time - now
 					end
@@ -123,9 +146,12 @@ class IO
 				while handle = @heap.peek
 					if handle.cancelled?
 						@heap.pop
+						handle.removed!
+						@cancelled -= 1 if @cancelled > 0
 					elsif handle.time <= now
 						# Remove the earliest timer from the heap:
 						@heap.pop
+						handle.removed!
 						
 						# Call the block:
 						handle.call(now)
@@ -137,11 +163,53 @@ class IO
 			
 			# Flush all scheduled timers into the heap.
 			#
-			# This is a small optimization which assumes that most timers (timeouts) will be cancelled.
+			# Scheduling appends to `@scheduled` and cancellation is `O(1)`. We pay the cost of filtering and heap repair here, where we can batch work and choose between incremental insertion and one `heapify` pass.
 			protected def flush!
-				while handle = @scheduled.pop
-					@heap.push(handle) unless handle.cancelled?
+				# Once cancelled handles are both numerous and a large fraction of the heap, rebuild the heap. This is `O(n + m)`, but it removes retained cancelled handles and appends live scheduled handles in the same `heapify` pass instead of paying for separate filtering and insertion.
+				if @cancelled >= COMPACT_MINIMUM_COUNT && @cancelled * 2 > @heap.size
+					@heap.heapify do |contents|
+						contents.delete_if do |handle|
+							if handle.cancelled?
+								handle.removed!
+								true
+							end
+						end
+						
+						@scheduled.each do |handle|
+							unless handle.cancelled?
+								handle.schedule!(self)
+								contents << handle
+							end
+						end
+					end
+					
+					@cancelled = 0
+				else
+					# If we are not compacting the heap, filter scheduled handles in place before insertion. This keeps cancelled scheduled handles out of the heap without adding cancellation-time heap deletion.
+					@scheduled.delete_if do |handle|
+						if handle.cancelled?
+							true
+						else
+							handle.schedule!(self)
+							false
+						end
+					end
+					
+					# Small heaps can become entirely cancelled before reaching the compaction threshold. Clear those immediately so `size` does not retain cancelled handles indefinitely.
+					if @cancelled == @heap.size && @scheduled.empty?
+						@heap.clear!
+						@cancelled = 0
+					else
+						@heap.concat(@scheduled)
+					end
 				end
+				
+				@scheduled.clear
+			end
+			
+			# Track cancelled timers that are still retained in the heap.
+			def cancelled!(handle)
+				@cancelled += 1
 			end
 		end
 	end

data/lib/io/event/version.rb

@@ -7,6 +7,6 @@
 class IO
 	# @namespace
 	module Event
-		VERSION = "1.14.5"
+		VERSION = "1.16.2"
 	end
 end

data/license.md

@@ -16,6 +16,9 @@ Copyright, 2025, by Luke Gruber.
 Copyright, 2026, by William T. Nelson.  
 Copyright, 2026, by Stan Hu.  
 Copyright, 2026, by John Hawthorn.  
+Copyright, 2026, by Italo Brandão.  
+Copyright, 2026, by Fletcher Dares.  
+Copyright, 2026, by Tavian Barnes.  
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/readme.md

@@ -18,46 +18,51 @@ Please see the [project documentation](https://socketry.github.io/io-event/) for
 
 Please see the [project releases](https://socketry.github.io/io-event/releases/index) for all releases.
 
-### v1.14.4
+### v1.16.2
 
-  - Allow `epoll_pwait2` to be disabled via `--disable-epoll_pwait2`.
+  - Improve timer heap performance by batching scheduled timer insertion, compacting cancelled timers during flush, and avoiding unnecessary heap rebuilds for small incremental inserts.
 
-### v1.14.3
+### v1.16.1
 
-  - Fix several implementation bugs that could cause deadlocks on blocking writes.
+  - Ensure the pure Ruby `Select` selector returns `false`, not `nil`, when `io_wait` resumes without any ready events.
 
-### v1.14.0
+### v1.16.0
 
-  - [Enhanced `IO::Event::PriorityHeap` with deletion and bulk insertion methods](https://socketry.github.io/io-event/releases/index#enhanced-io::event::priorityheap-with-deletion-and-bulk-insertion-methods)
+  - Use `eventfd` for `URing` cross-thread wakeup, and enable `IORING_SETUP_SINGLE_ISSUER`, `IORING_SETUP_DEFER_TASKRUN`, and `IORING_SETUP_TASKRUN_FLAG`. The waking thread now signals via `eventfd` rather than submitting a `NOP` SQE, which unlocks the single-issuer optimisation, defers task work to the application thread, and lets `select()` skip the `io_uring_get_events()` syscall when no task work is pending.
+  - Add support for the `io_close` fiber-scheduler hook (Ruby 4.0+). The `URing` selector performs the close asynchronously via the ring; the `Debug::Selector` and `TestScheduler` wrappers forward to the underlying selector when supported.
+  - Improve `WorkerPool` GC compaction support and add proper write barriers, fixing potential use-after-free under compacting GC.
+  - Keep blocked scheduler fibers alive during GC by registering them as roots in `TestScheduler#block`, preventing premature collection and the resulting use-after-free crash on resume.
+  - Use Ruby's `xmalloc` / `xcalloc` / `xrealloc2` / `xfree` for all internal selector allocations (the per-fiber ready-queue entries in `IO_Event_Selector_ready_push`, and both the backing array and per-element allocations in `IO_Event_Array`). Previously a raw `malloc` paired with a debug-build-only `assert(...)` would silently dereference `NULL` and crash in release builds under memory pressure; the Ruby allocators trigger a GC sweep on pressure and raise `NoMemoryError` / `RangeError` on real failure, so the `-1` return-code paths through `IO_Event_Array_initialize` / `_resize` / `_lookup` and their callers in `epoll.c` / `kqueue.c` / `uring.c` are removed in favour of straight exception propagation.
+  - Correctly handle short `io_uring_submit()` results in the `URing` selector. `io_uring_submit()` returns the number of SQEs actually accepted by the kernel and can be short (SQE prep errors, `ENOMEM`, transient `EAGAIN`); the old accounting reset `pending = 0` on any success and silently lost track of unsubmitted SQEs.
+  - Enable `IORING_SETUP_SUBMIT_ALL` (kernel 5.18+) on the `URing` selector so the kernel keeps processing the rest of an SQE batch past individual errors, reducing the frequency of short submits in practice.
 
-### v1.11.2
+### v1.15.1
 
-  - Fix Windows build.
+  - Simplify closed-IO handling in the `Select` selector: rely on Ruby 4's `rb_thread_io_close_interrupt` to wake fibers waiting on a descriptor that's been closed, removing a custom error-recovery path that could mis-attribute `IOError` / `Errno::EBADF` to the wrong waiter.
 
-### v1.11.1
+### v1.15.0
 
-  - Fix `read_nonblock` when using the `URing` selector, which was not handling zero-length reads correctly. This allows reading available data without blocking.
+  - Add bounds checks, in the unlikely event of a user providing an invalid offset that exceeds the buffer size. This prevents potential memory corruption and ensures safe operation when using buffered IO methods.
 
-### v1.11.0
+### v1.14.4
 
-  - [Introduce `IO::Event::WorkerPool` for off-loading blocking operations.](https://socketry.github.io/io-event/releases/index#introduce-io::event::workerpool-for-off-loading-blocking-operations.)
+  - Allow `epoll_pwait2` to be disabled via `--disable-epoll_pwait2`.
 
-### v1.10.2
+### v1.14.3
 
-  - Improved consistency of handling closed IO when invoking `#select`.
+  - Fix several implementation bugs that could cause deadlocks on blocking writes.
 
-### v1.10.0
+### v1.14.0
 
-  - `IO::Event::Profiler` is moved to dedicated gem: [fiber-profiler](https://github.com/socketry/fiber-profiler).
-  - Perform runtime checks for native selectors to ensure they are supported in the current environment. While compile-time checks determine availability, restrictions like seccomp and SELinux may still prevent them from working.
+  - [Enhanced `IO::Event::PriorityHeap` with deletion and bulk insertion methods](https://socketry.github.io/io-event/releases/index#enhanced-io::event::priorityheap-with-deletion-and-bulk-insertion-methods)
 
-### v1.9.0
+### v1.11.2
 
-  - Improved `IO::Event::Profiler` for detecting stalls.
+  - Fix Windows build.
 
-### v1.8.0
+### v1.11.1
 
-  - Detecting fibers that are stalling the event loop.
+  - Fix `read_nonblock` when using the `URing` selector, which was not handling zero-length reads correctly. This allows reading available data without blocking.
 
 ## Contributing
 

data/releases.md

@@ -1,5 +1,31 @@
 # Releases
 
+## v1.16.2
+
+  - Improve timer heap performance by batching scheduled timer insertion, compacting cancelled timers during flush, and avoiding unnecessary heap rebuilds for small incremental inserts.
+
+## v1.16.1
+
+  - Ensure the pure Ruby `Select` selector returns `false`, not `nil`, when `io_wait` resumes without any ready events.
+
+## v1.16.0
+
+  - Use `eventfd` for `URing` cross-thread wakeup, and enable `IORING_SETUP_SINGLE_ISSUER`, `IORING_SETUP_DEFER_TASKRUN`, and `IORING_SETUP_TASKRUN_FLAG`. The waking thread now signals via `eventfd` rather than submitting a `NOP` SQE, which unlocks the single-issuer optimisation, defers task work to the application thread, and lets `select()` skip the `io_uring_get_events()` syscall when no task work is pending.
+  - Add support for the `io_close` fiber-scheduler hook (Ruby 4.0+). The `URing` selector performs the close asynchronously via the ring; the `Debug::Selector` and `TestScheduler` wrappers forward to the underlying selector when supported.
+  - Improve `WorkerPool` GC compaction support and add proper write barriers, fixing potential use-after-free under compacting GC.
+  - Keep blocked scheduler fibers alive during GC by registering them as roots in `TestScheduler#block`, preventing premature collection and the resulting use-after-free crash on resume.
+  - Use Ruby's `xmalloc` / `xcalloc` / `xrealloc2` / `xfree` for all internal selector allocations (the per-fiber ready-queue entries in `IO_Event_Selector_ready_push`, and both the backing array and per-element allocations in `IO_Event_Array`). Previously a raw `malloc` paired with a debug-build-only `assert(...)` would silently dereference `NULL` and crash in release builds under memory pressure; the Ruby allocators trigger a GC sweep on pressure and raise `NoMemoryError` / `RangeError` on real failure, so the `-1` return-code paths through `IO_Event_Array_initialize` / `_resize` / `_lookup` and their callers in `epoll.c` / `kqueue.c` / `uring.c` are removed in favour of straight exception propagation.
+  - Correctly handle short `io_uring_submit()` results in the `URing` selector. `io_uring_submit()` returns the number of SQEs actually accepted by the kernel and can be short (SQE prep errors, `ENOMEM`, transient `EAGAIN`); the old accounting reset `pending = 0` on any success and silently lost track of unsubmitted SQEs.
+  - Enable `IORING_SETUP_SUBMIT_ALL` (kernel 5.18+) on the `URing` selector so the kernel keeps processing the rest of an SQE batch past individual errors, reducing the frequency of short submits in practice.
+
+## v1.15.1
+
+  - Simplify closed-IO handling in the `Select` selector: rely on Ruby 4's `rb_thread_io_close_interrupt` to wake fibers waiting on a descriptor that's been closed, removing a custom error-recovery path that could mis-attribute `IOError` / `Errno::EBADF` to the wrong waiter.
+
+## v1.15.0
+
+  - Add bounds checks, in the unlikely event of a user providing an invalid offset that exceeds the buffer size. This prevents potential memory corruption and ensures safe operation when using buffered IO methods.
+
 ## v1.14.4
 
   - Allow `epoll_pwait2` to be disabled via `--disable-epoll_pwait2`.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: io-event
 version: !ruby/object:Gem::Version
-  version: 1.14.5
+  version: 1.16.2
 platform: ruby
 authors:
 - Samuel Williams
@@ -11,9 +11,12 @@ authors:
 - Benoit Daloze
 - Bruno Sutic
 - Shizuo Fujita
+- Tavian Barnes
 - Alex Matchneer
 - Anthony Ross
 - Delton Ding
+- Fletcher Dares
+- Italo Brandão
 - John Hawthorn
 - Luke Gruber
 - Pavel Rosický
@@ -120,7 +123,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.6
+rubygems_version: 4.0.10
 specification_version: 4
 summary: An event loop.
 test_files: []